Corellium, a security firm dragged to court by Apple over copyright infringement, has won a major legal battle over the iOS maker.
Apple’s claim was that Corellium had violated copyright law with its software, which helps security researchers find bugs and security holes on Apple’s products. However, a federal Florida judge yesterday dismissed Apple’s copyright infringement lawsuit against the cybersecurity start-up firm, and experts warn the case could have implications for researchers who find software bugs and vulnerabilities.
Judge Rodney Smith said Apple failed to show a legal basis for protecting its entire iOS operating system from security researchers.
Apple sued the Florida-based start-up in 2019 claiming its “virtualisation” of iOS software constituted copyright infringement.
In the lawsuit, Apple argued that Corellium’s products could be dangerous if they fall into the wrong hands because security flaws discovered by Corellium could be used to hack iPhones. Apple also argued that Corellium sells its product indiscriminately, a claim Corellium denied.
However, the judge ruled that Corellium’s work, which is designed to find security holes in the software, was “fair use” of copyrighted material.
“From the infancy of copyright protection, courts have recognised that some opportunity for fair use of copyrighted materials is necessary to fulfil copyright’s purpose of promoting ‘the progress of science and useful arts’,” Smith wrote.
“There is evidence in the record to support Corellium’s position that its product is intended for security research and, as Apple concedes, can be used for security research. Further, Apple itself would have used the product for internal testing had it successfully acquired the company.”
Apple initially attempted to acquire Corellium in 2018, according to court records. However, when the acquisition talks stalled, Apple sued Corellium last year, claiming its virtual iPhones, which contain only the bare-bones functions necessary for security research, constitute a violation of copyright law. Apple also alleged Corellium circumvented Apple’s security measures to create the software, thereby violating the Digital Millennium Copyright Act. That claim has not been thrown out.
According to reports, the ruling, if upheld, represents a victory for security researchers who could face civil or criminal penalties for reproducing copyrighted software as part of efforts to find vulnerabilities.
It also limits Apple’s efforts to exercise full control of its iPhone software and its ability to force third parties to use its proprietary security research tools.
David L. Hecht, founder of law firm Hecht Partners and co-counsel for Corellium, said in a statement: “We are very pleased with the Court’s ruling on fair use and are proud of the strength and resolve that our clients at Corellium have displayed in this important battle. The Court affirmed the strong balance that fair use provides against the reach of copyright protection into other markets, which is a huge win for the security research industry in particular.”
Apple is yet to release an official statement as touching the ruling.
NEWS/PHOTO SOURCE: News Agencies | Tech Crunch